While clang's sanitizer recommends a cast to unsigned for safe
negation (to handle -INT_MIN), both MSVC and Visualc emit warning
C4146 if an unsigned value gets negated.
* include/freetype/internal/ftcalc.h (NEG_LONG, NEG_INT32),
src/base/ftcalc.c (FT_MOVE_SIGN): Replace negation with a
subtraction.
These versions don't produce run-time errors due to integer
overflow.
* include/freetype/internal/ftobjs.h: Include FT_INTERNAL_CALC_H.
(FT_PAD_ROUND_LONG, FT_PAD_CEIL_LONG, FT_PIX_ROUND_LONG,
FT_PIX_CEIL_LONG): New macros.
(FT_PAD_ROUND_INT32, FT_PAD_CEIL_INT32, FT_PIX_ROUND_INT32,
FT_PIX_CEIL_INT32): New macros.
This commit handles the new engine.
* include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT32,
OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, NEG_INT, NEG_LONG,
NEG_INT32): New macros.
* src/cff/cf2ft.c (cf2_getScaleAndHintFlag): Use OVERFLOW_ADD_INT32.
* src/cff/cf2hints.c (cf2_getWindingMomentum, cf2_hint_init,
cf2_hintmap_map, cf2_glyphpath_hintPoint,
cf2_glyphpath_computeIntersection, cf2_glyphpath_computeOffset,
cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): Use
OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, and
NEG_INT32 where appropriate.
* src/cff/cf2intrp.c (cf2_doFlex, cf2_doBlend,
cf2_interpT2CharString): Ditto.
Also add some other code where needed to avoid overflow.
This commit (mainly for 32bit CPUs) is the first of a series of
similar commits to handle known integer overflows. Basically, all
of them are harmless, since they affect rendering of glyphs only,
not posing security threats. It is expected that fuzzying will show
up more overflows, to be fixed in due course.
The idea is to mark places where overflows can occur, using macros
that simply cast to unsigned integers, because overflow arithmetic
is well defined in this case. Doing so suppresses run-time errors
of sanitizers without adding computational overhead.
* include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT,
OVERFLOW_SUB_INT, OVERFLOW_MUL_INT, OVERFLOW_ADD_LONG,
OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG): New macros.
* src/base/ftcalc.c (FT_RoundFix, FT_CeilFix, FT_Matrix_Multiply,
FT_Matrix_Multiply_Scaled, FT_Vector_Transform_Scaled,
ft_corner_orientation): Use new macros.
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Use new macros.
Extra bitmap padding for LCD filtering depends on the filter. The
default 5-tap filter needs 2 extra subpixels. The light 3-tap filter
needs only 1 extra subpixel. This space could be already available
due to rounding. In order to optimize the padding, we now expand
CBox for the given filter weights before rounding.
This change breakes current Skia (and Firefox).
* include/freetype/internal/ftobjs.h (FT_LibraryRec)
[FT_CONFIG_OPTION_SUBPIXEL_RENDERING]: Remove `lcd_extra' field.
* src/base/ftlcdfil.c (FT_Library_SetLcdFilterWeights,
FT_Library_SetLcdFilter): Remove `lcd_extra' initializations.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Implement dymanic
LCD padding.
This mode uses fractional advance widths and doesn't scale glyphs
horizontally, only applying vertical scaling and hinting.
At the same time, the behaviour of the `light' auto-hinter gets
restored for backwards compatibility: Both vertical and horizontal
scaling is again based on rounded metrics values (this was changed
in a commit from 2017-03-30 as a side effect). To be more precise,
the behaviour is restored for TrueType fonts only; for other font
formats like Type 1, this is a new feature of the `light' hinting
mode.
* include/freetype/freetype.h (FT_LOAD_TARGET_SLIGHT): New macro.
(FT_RENDER_MODE_SLIGHT): New render mode.
* include/freetype/internal/ftobjs.h (FT_Size_InternalRec): Add
`autohint_mode' and `autohint_metrics' fields.
* src/autofit/afcjk.c (af_cjk_hints_init), src/autofit/aflatin.c
(af_latin_hints_init), src/autofit/aflatin2 (af_latin2_hints_init):
Updated.
* src/autofit/afloader.c (af_loader_embolden_glyph_in_slot): Use
`autohint_metrics'.
(af_loader_load_glyph): s/internal/slot_internal/.
Initialize `autohint_metrics' and `autohint_mode' depending on
current auto-hint mode.
Use `autohint_metrics'.
Updated.
* src/base/ftadvanc.c (LOAD_ADVANCE_FAST_CHECK): Updated.
* src/base/ftobjs.c (FT_Load_Glyph): Updated.
(FT_New_Size): Allocate `internal' object.
* src/pshinter/pshalgo.c (ps_hints_apply): Updated.
* src/smooth/ftsmooth.c (ft_smooth_render): Updated.
We are going to extend this later on.
* include/freetype/internal/ftobjs.h (FT_Size_InternalRec): New
structure with a single field `module_data'.
* src/base/ftobjs.c (FT_New_Size): Allocate `internal' field of
`FT_Size' structure.
* src/cff/cffgload.c (cff_builder_init, cff_decoder_prepare): Use
`size->internal->module_data' instead of `size->internal'.
* src/cff/cffobjs.c (cff_size_done): Deallocate `module_data'.
(cff_size_init, cff_size_select, cff_size_request): Use
`size->internal->module_data' instead of `size->internal'.
* src/cif/cidobjs.c (cid_size_done, cid_size_init,
cid_size_request): Use `size->internal->module_data' instead of
`size->internal'.
* src/psaux/psobjs.c (t1_builder_ini): Use
`size->internal->module_data' instead of `size->internal'.
* src/type1/t1objs.c (T1_Size_Done, T1_Size_Init, T1_Size_Request):
Use `size->internal->module_data' instead of `size->internal'.
Everything is guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* include/freetype/internal/tttypes.h (TT_FaceRec): New fields
`var_postscript_prefix' and `var_postscript_prefix_len'.
* src/sfnt/sfdriver.c: Include FT_TRUETYPE_IDS_H.
(sfnt_is_alphanumeric): New wrapperfunction for `ft_isalnum'.
(get_win_string, get_apple_string): Remove `const' from return
value.
(MAX_VALUE_DESCRIPTOR_LEN, MAX_PS_NAME_LEN): New macros.
(hexdigits): New array.
(sfnt_get_var_ps_name): New function, implementing Adobe TechNote
5902 to construct a PS name for a variation font instance.
(sfnt_get_ps_name): Call `sfnt_get_var_ps_name' for font instances.
* src/sfnt/sfobjs.c (sfnt_done_face): Updated.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Reset
`face->postscript_name' to trigger recalculation for new instance
parameters.
* include/freetype/internal/services/svmm.h (FT_Get_Var_Blend_Func):
Add `normalizedcoords' argument.
* src/truetype/ttgxvar.h (GX_BlendRec): Add `coords' field to store
the design coordinates of the current instance.
Updated.
* src/truetype/ttgxvar.c (TT_Set_MM_Blend): Move functionality to...
(tt_set_mm_blend): ... New function.
Convert data in `normalizedcoords' array to `coords' array on
demand.
(TT_Set_Var_Design): Store argument data in `coords' array.
(TT_Get_Var_Design): Get data from `coords' array.
(tt_get_var_blend): Updated.
(tt_done_blend): Updated.
* src/cff/cffload.c, src/cff/cffload.h (cff_get_var_blend): Updated.
* src/cff/cf2ft.c (cf2_getNormalizedVector): Updated.
* src/cff/cffobjs.c (cff_face_init): Updated.
We need this for support of the `random' operator.
* include/freetype/ftcffdrv.h (FT_PARAM_TAG_RANDOM_SEED): New macro.
* include/freetype/internal/ftobjs.h (FT_Face_InternalRec): New
field `random_seed'.
* src/cff/cffobjs.h (CFF_DriverRec): New field `random_seed'.
* include/freetype/internal/tttypes.h (TT_LangTagRec): New
structure.
(TT_NameTableRec): Add fields `numLangTagRecords' and `langTags'.
* src/sfnt/ttload.c (tt_face_load_name): Add support for language
tags.
Reduce array size of name strings in case of invalid entries.
(tt_face_free_name): Updated.
* docs/CHANGES: Updated.
* include/freetype/internal/tttypes.h (TT_FACE_FLAG_VAR_XXX):
Remove all flags related to MVAR; replace it with...
(TT_FACE_FLAG_VAR_MVAR): ...this new macro.
(TT_Face): Remove `mvar_support' field (which was still unused).
* include/freetype/internal/tttypes.h (TT_FACE_FLAG_VAR_XXX):
New macros describing available functionality of various OpenType
tables related to font variation.
(TT_Face): New fields `variation_support' and `mvar_support',
replacing and extending `use_fvar'.
* src/sfnt/sfobjs.c (sfnt_init_face, sfnt_load_face): Use
`variation_support'.
* src/truetype/ttgxvar.c (ft_var_load_hvar): Set `variation_support'
field.
(TT_Vary_Apply_Glyph_Deltas): Updated.
In particular, we need access to named instance data.
* include/freetype/internal/services/svmm.h (FT_Get_Var_Blend_Func):
Add argument for `FT_MM_Var'.
* src/cff/cffload.c (cff_get_var_blend): Updated.
* src/cff/cffload.h: Updated.
* src/cff/cf2ft.c (cf2_getNormalizedVector): Updated.
* src/truetype/ttgxvar.c (tt_get_var_blend): Updated.
Accept value `NULL' for arguments.
* src/truetype/ttgxvar.h: Updated.
This is better behaviour than exiting with an error.
* include/freetype/internal/tttypes.h (TT_Face): Add `use_fvar'
field.
* src/sfnt/sfobjs.c (sfnt_init_face): Compute `use_fvar', also
updating the validation code.
Use `use_fvar' to compute FT_FACE_FLAG_MULTIPLE_MASTERS.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Remove `fvar' validation
code.
* include/freetype/internal/tttypes.h (TT_Face): Move
`is_default_instance' into TT_CONFIG_OPTION_GX_VAR_SUPPORT
block.
* src/sfnt/sfobjs.c (sfnt_init_face): Updated.
* src/truetype/ttgload.c (IS_DEFAULT_INSTANCE): New macro.
(TT_Load_Glyph): Use it.
No effect yet; service functions will be implemented later on.
Everything is guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* include/freetype/internal/services/svmetric.h: New file.
* include/freetype/internal/ftserv.h
(FT_SERVICE_METRICS_VARIATIONS_H): New macro.
* include/freetype/internal/tttypes.h (TT_Face): New field `var'.
* src/sfnt/sfobjs.c: Include FT_SERVICE_METRICS_VARIATIONS_H.
(sfnt_init_face): Initialize `face->var'.
* src/truetype/ttdriver.c: Include FT_SERVICE_METRICS_VARIATIONS_H.
(tt_service_metrics_variations): New service.
(tt_services): Updated.
* src/truetype/ttpic.h: Updated.
The code simply uses the MM functions from the `truetype' module.
Everything is guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* include/freetype/internal/tttypes.h (TT_Face): New field `mm'.
* src/cff/cffdrivr.c: Include FT_SERVICE_MULTIPLE_MASTERS_H.
(cff_set_mm_blend, cff_get_mm_blend, cff_get_mm_var,
cff_set_var_design, cff_get_var_design): New functions.
(cff_service_multi_masters): New service.
(cff_services): Updated.
* src/cff/cffload.c (cff_get_var_blend, cff_done_blend): New
functions.
* src/cff/cffload.h: Updated.
* src/cff/cffpic.h (CFF_SERVICE_MULTI_MASTERS_GET): New macro.
* src/sfnt/sfobjs.c: Include FT_SERVICE_MULTIPLE_MASTERS_H.
(sfnt_init_face): Initialize `face->mm'.
It can now differentiate between local and global searches.
* src/base/ftobjs.c (ft_module_get_service): Add `global' argument.
(FT_Get_TrueType_Engine_Type): Updated.
* src/cff/cffdrivr.c (cff_get_ps_name, cff_get_cmap_info): Updated.
* include/freetype/internal/ftobjs.h: Updated.
* include/freetype/internal/ftserv.h (FT_FACE_FIND_GLOBAL_SERVICE):
Updated.
For internal use; we want to share code between the forthcoming CFF2
support and TrueType.
* include/freetype/internal/services/svmm.h (FT_Get_Var_Blend_Func):
New typedef.
(MultiMasters): Add `get_var_blend'.
(FT_Service_MultiMasters): Updated.
* src/truetype/ttgxvar.c (tt_get_var_blend): New function.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttdriver.c (tt_service_gx_multi_masters): Updated.
* src/type1/t1driver.c (t1_service_multi_masters): Updated.
For internal use; we want to share code between the forthcoming CFF2
support and TrueType.
* include/freetype/internal/services/svmm.h (FT_Done_Blend_Func):
New typedef.
(MultiMasters): Add `done_blend'.
(FT_Service_MultiMasters): Updated.
* src/truetype/ttgxvar.c (tt_done_blend): Use `TT_Face' as argument.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttobjs.c (TT_Face_Done): Updated.
* src/truetype/ttdriver.c (tt_service_gx_multi_masters): Updated.
* src/type1/t1driver.c (t1_service_multi_masters): Updated.
CFF2 fonts will need access to those two functions.
* include/freetype/internal/sfnt.h: Include FT_SERVICE_GLYPH_DICT_H.
(SFNT_Interface): Add `get_glyph_name' and `get_name_index' members.
(FT_DEFINE_SFNT_INTERFACE): Updated.
* src/sfnt/sfdriver.c (sfnt_get_glyph_name, sfnt_get_name_index):
Fix signatures to exactly correspond to the glyph dict service
function typedefs.
(sfnt_interface): Updated.
Note that the low-level functions aren't implemented yet.
* include/freetype/ftmm.h: Declare.
* include/freetype/internal/services/svmm.h
(FT_Get_Var_Design_Func): New typedef.
(MultiMasters): New MM service function `get_var_design'.
(FT_DEFINE_SERVICE_MULTIMASTERSREC): Updated.
Update all callers.
* src/base/ftmm.c (FT_Get_Var_Design_Coordinates): Implement.
* src/truetype/ttdriver.c: Updated.
* src/truetype/ttgxvar.c (TT_Get_Var_Design): New dummy function to
handle `get_var_design' service.
* src/truetype/ttgxvar.h: Updated.
* src/type1/t1driver.c: Updated.
* src/type1/t1load.c (T1_Get_Var_Design): New dummp function to
handle `get_var_design' service.
* src/type1/t1load.h: Updated.
* include/freetype/ftmm.h: Declare.
* include/freetype/internal/services/svmm.h (FT_Get_MM_Blend_Func):
New typedef.
(MultiMasters): New MM service function `get_mm_blend'.
(FT_DEFINE_SERVICE_MULTIMASTERSREC): Updated.
Update all callers.
* src/base/ftmm.c (FT_Get_MM_Blend_Coordinates,
FT_Get_Var_Blend_Coordinates): Implement.
* src/truetype/ttdriver.c: Updated.
* src/truetype/ttgxvar.c (TT_Get_MM_Blend): New function to handle
`get_mm_blend' service.
* src/truetype/ttgxvar.h: Updated.
* src/type1/t1driver.c: Updated.
* src/type1/t1load.c (T1_Get_MM_Blend): New function to handle
`get_mm_blend' service.
* src/type1/t1load.h: Updated.
* docs/CHANGES: Document.
Ben Wagner